Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:05
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c99889cce9875872961f69a831124300_NeikiAnalytics.exe
Resource
win7-20240419-en
5 signatures
150 seconds
General
-
Target
c99889cce9875872961f69a831124300_NeikiAnalytics.exe
-
Size
59KB
-
MD5
c99889cce9875872961f69a831124300
-
SHA1
e79cdab3e53854dcc934101918db5f7e439ab9eb
-
SHA256
3f4f019e25541f2a990926cfb1d825481a0102e2483af016867ff3b39ae6cc0a
-
SHA512
9bae2bd690133c15b3b9faba6a22d3427b489a5a6aae01c30bab794b907aab311ce1c96f1cd26db6ea0f7e3c29a010857d2be40a2a49beab08e8b4227c49bccf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk9Ug9:ymb3NkkiQ3mdBjFIvlqg9
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c99889cce9875872961f69a831124300_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c99889cce9875872961f69a831124300_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2292 -
\??\c:\jppvd.exec:\jppvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2112 -
\??\c:\fffrlxl.exec:\fffrlxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2720 -
\??\c:\1tbhbn.exec:\1tbhbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2712 -
\??\c:\jdddd.exec:\jdddd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2508 -
\??\c:\llxrxfr.exec:\llxrxfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2520 -
\??\c:\7tntnt.exec:\7tntnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2548 -
\??\c:\htnthn.exec:\htnthn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1880 -
\??\c:\pjvjd.exec:\pjvjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2760 -
\??\c:\vvdjv.exec:\vvdjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2840 -
\??\c:\xxrrlfr.exec:\xxrrlfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2916 -
\??\c:\nhnbht.exec:\nhnbht.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:556 -
\??\c:\thbtbt.exec:\thbtbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1752 -
\??\c:\vvdpv.exec:\vvdpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1864 -
\??\c:\fxllxfx.exec:\fxllxfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1688 -
\??\c:\hbnnbb.exec:\hbnnbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2400 -
\??\c:\bnbhnn.exec:\bnbhnn.exe17⤵
- Executes dropped EXE
PID:856 -
\??\c:\vpjpp.exec:\vpjpp.exe18⤵
- Executes dropped EXE
PID:2072 -
\??\c:\jdvdv.exec:\jdvdv.exe19⤵
- Executes dropped EXE
PID:1980 -
\??\c:\rrrlrrf.exec:\rrrlrrf.exe20⤵
- Executes dropped EXE
PID:2868 -
\??\c:\bbntnn.exec:\bbntnn.exe21⤵
- Executes dropped EXE
PID:352 -
\??\c:\hhhthh.exec:\hhhthh.exe22⤵
- Executes dropped EXE
PID:972 -
\??\c:\dvdvp.exec:\dvdvp.exe23⤵
- Executes dropped EXE
PID:1584 -
\??\c:\fxrflrf.exec:\fxrflrf.exe24⤵
- Executes dropped EXE
PID:1440 -
\??\c:\1ffrxrf.exec:\1ffrxrf.exe25⤵
- Executes dropped EXE
PID:2432 -
\??\c:\bthhnt.exec:\bthhnt.exe26⤵
- Executes dropped EXE
PID:3048 -
\??\c:\5nbtbb.exec:\5nbtbb.exe27⤵
- Executes dropped EXE
PID:2352 -
\??\c:\jjpdj.exec:\jjpdj.exe28⤵
- Executes dropped EXE
PID:920 -
\??\c:\3frxfrl.exec:\3frxfrl.exe29⤵
- Executes dropped EXE
PID:1464 -
\??\c:\tttbbn.exec:\tttbbn.exe30⤵
- Executes dropped EXE
PID:2912 -
\??\c:\vdjjp.exec:\vdjjp.exe31⤵
- Executes dropped EXE
PID:1128 -
\??\c:\jpjvj.exec:\jpjvj.exe32⤵
- Executes dropped EXE
PID:2232 -
\??\c:\rllxrrf.exec:\rllxrrf.exe33⤵
- Executes dropped EXE
PID:844 -
\??\c:\thbnbb.exec:\thbnbb.exe34⤵
- Executes dropped EXE
PID:2004 -
\??\c:\5nbhbb.exec:\5nbhbb.exe35⤵
- Executes dropped EXE
PID:3044 -
\??\c:\dvjpv.exec:\dvjpv.exe36⤵
- Executes dropped EXE
PID:2668 -
\??\c:\frxxllr.exec:\frxxllr.exe37⤵
- Executes dropped EXE
PID:2596 -
\??\c:\fxxllrl.exec:\fxxllrl.exe38⤵
- Executes dropped EXE
PID:2724 -
\??\c:\bhntbh.exec:\bhntbh.exe39⤵
- Executes dropped EXE
PID:2784 -
\??\c:\hbthhn.exec:\hbthhn.exe40⤵
- Executes dropped EXE
PID:2256 -
\??\c:\9dvdd.exec:\9dvdd.exe41⤵
- Executes dropped EXE
PID:2476 -
\??\c:\3jjpv.exec:\3jjpv.exe42⤵
- Executes dropped EXE
PID:2488 -
\??\c:\lllflrf.exec:\lllflrf.exe43⤵
- Executes dropped EXE
PID:2940 -
\??\c:\9xrfllf.exec:\9xrfllf.exe44⤵
- Executes dropped EXE
PID:112 -
\??\c:\1nnbnb.exec:\1nnbnb.exe45⤵
- Executes dropped EXE
PID:2716 -
\??\c:\vpjpd.exec:\vpjpd.exe46⤵
- Executes dropped EXE
PID:2816 -
\??\c:\vpjpd.exec:\vpjpd.exe47⤵
- Executes dropped EXE
PID:2828 -
\??\c:\ffrrflr.exec:\ffrrflr.exe48⤵
- Executes dropped EXE
PID:1888 -
\??\c:\5bbtbh.exec:\5bbtbh.exe49⤵
- Executes dropped EXE
PID:1492 -
\??\c:\tnbhhh.exec:\tnbhhh.exe50⤵
- Executes dropped EXE
PID:1560 -
\??\c:\dvvdj.exec:\dvvdj.exe51⤵
- Executes dropped EXE
PID:1740 -
\??\c:\djvjd.exec:\djvjd.exe52⤵
- Executes dropped EXE
PID:1452 -
\??\c:\rxlfrff.exec:\rxlfrff.exe53⤵
- Executes dropped EXE
PID:1368 -
\??\c:\thhhnn.exec:\thhhnn.exe54⤵
- Executes dropped EXE
PID:1688 -
\??\c:\5tttbh.exec:\5tttbh.exe55⤵
- Executes dropped EXE
PID:884 -
\??\c:\7nhhtb.exec:\7nhhtb.exe56⤵
- Executes dropped EXE
PID:2260 -
\??\c:\vpjpd.exec:\vpjpd.exe57⤵
- Executes dropped EXE
PID:1936 -
\??\c:\dvpvj.exec:\dvpvj.exe58⤵
- Executes dropped EXE
PID:1900 -
\??\c:\xxxflrx.exec:\xxxflrx.exe59⤵
- Executes dropped EXE
PID:2236 -
\??\c:\bnbbnt.exec:\bnbbnt.exe60⤵
- Executes dropped EXE
PID:2868 -
\??\c:\hbhhhh.exec:\hbhhhh.exe61⤵
- Executes dropped EXE
PID:676 -
\??\c:\vjvvj.exec:\vjvvj.exe62⤵
- Executes dropped EXE
PID:568 -
\??\c:\dvvdp.exec:\dvvdp.exe63⤵
- Executes dropped EXE
PID:1784 -
\??\c:\lflrlrf.exec:\lflrlrf.exe64⤵
- Executes dropped EXE
PID:1788 -
\??\c:\rrffllx.exec:\rrffllx.exe65⤵
- Executes dropped EXE
PID:1712 -
\??\c:\btbnbb.exec:\btbnbb.exe66⤵PID:2320
-
\??\c:\nhtntt.exec:\nhtntt.exe67⤵PID:2316
-
\??\c:\pjdpd.exec:\pjdpd.exe68⤵PID:2272
-
\??\c:\3pvvj.exec:\3pvvj.exe69⤵PID:2200
-
\??\c:\5xxlfrr.exec:\5xxlfrr.exe70⤵PID:920
-
\??\c:\rlrfrrx.exec:\rlrfrrx.exe71⤵PID:1572
-
\??\c:\hbnnnn.exec:\hbnnnn.exe72⤵PID:2220
-
\??\c:\tnnthh.exec:\tnnthh.exe73⤵PID:2160
-
\??\c:\dvdjv.exec:\dvdjv.exe74⤵PID:872
-
\??\c:\dpvvp.exec:\dpvvp.exe75⤵PID:2976
-
\??\c:\ffxrffl.exec:\ffxrffl.exe76⤵PID:1544
-
\??\c:\7lxflrx.exec:\7lxflrx.exe77⤵PID:1536
-
\??\c:\nnhnbb.exec:\nnhnbb.exe78⤵PID:2700
-
\??\c:\hbnbtt.exec:\hbnbtt.exe79⤵PID:2680
-
\??\c:\pjpvd.exec:\pjpvd.exe80⤵PID:3024
-
\??\c:\5pjjv.exec:\5pjjv.exe81⤵PID:2720
-
\??\c:\5pdpj.exec:\5pdpj.exe82⤵PID:2496
-
\??\c:\lfflrxl.exec:\lfflrxl.exe83⤵PID:2644
-
\??\c:\xxrflrx.exec:\xxrflrx.exe84⤵PID:2520
-
\??\c:\hhtnbn.exec:\hhtnbn.exe85⤵PID:2524
-
\??\c:\tnbhbh.exec:\tnbhbh.exe86⤵PID:816
-
\??\c:\1dvvv.exec:\1dvvv.exe87⤵PID:1852
-
\??\c:\jdvjj.exec:\jdvjj.exe88⤵PID:2756
-
\??\c:\lflrllx.exec:\lflrllx.exe89⤵PID:2796
-
\??\c:\3rrrllr.exec:\3rrrllr.exe90⤵PID:1460
-
\??\c:\hhhtbb.exec:\hhhtbb.exe91⤵PID:1860
-
\??\c:\ttbbbb.exec:\ttbbbb.exe92⤵PID:556
-
\??\c:\dvjvj.exec:\dvjvj.exe93⤵PID:2128
-
\??\c:\jdvjp.exec:\jdvjp.exe94⤵PID:1564
-
\??\c:\5xflxfl.exec:\5xflxfl.exe95⤵PID:2204
-
\??\c:\tnbbbh.exec:\tnbbbh.exe96⤵PID:1288
-
\??\c:\5nbbnt.exec:\5nbbnt.exe97⤵PID:2044
-
\??\c:\9ddjv.exec:\9ddjv.exe98⤵PID:1320
-
\??\c:\5vjdj.exec:\5vjdj.exe99⤵PID:2072
-
\??\c:\xrflrlf.exec:\xrflrlf.exe100⤵PID:2216
-
\??\c:\xxfxlxr.exec:\xxfxlxr.exe101⤵PID:2052
-
\??\c:\tnnbnt.exec:\tnnbnt.exe102⤵PID:480
-
\??\c:\3bbhtb.exec:\3bbhtb.exe103⤵PID:1412
-
\??\c:\dvjpj.exec:\dvjpj.exe104⤵PID:2652
-
\??\c:\vpdjv.exec:\vpdjv.exe105⤵PID:2960
-
\??\c:\xrflxxr.exec:\xrflxxr.exe106⤵PID:1132
-
\??\c:\llflxxl.exec:\llflxxl.exe107⤵PID:2268
-
\??\c:\btbthn.exec:\btbthn.exe108⤵PID:2088
-
\??\c:\nbnnhn.exec:\nbnnhn.exe109⤵PID:316
-
\??\c:\jvjpp.exec:\jvjpp.exe110⤵PID:1048
-
\??\c:\1dvjv.exec:\1dvjv.exe111⤵PID:2372
-
\??\c:\xfllfxl.exec:\xfllfxl.exe112⤵PID:920
-
\??\c:\1flllll.exec:\1flllll.exe113⤵PID:1216
-
\??\c:\hbntnt.exec:\hbntnt.exe114⤵PID:1988
-
\??\c:\nhttbn.exec:\nhttbn.exe115⤵PID:2096
-
\??\c:\5vjjj.exec:\5vjjj.exe116⤵PID:1884
-
\??\c:\1jdpd.exec:\1jdpd.exe117⤵PID:1672
-
\??\c:\lxrlxxl.exec:\lxrlxxl.exe118⤵PID:1548
-
\??\c:\lfrflrx.exec:\lfrflrx.exe119⤵PID:2112
-
\??\c:\tnnhbh.exec:\tnnhbh.exe120⤵PID:2620
-
\??\c:\tnhhnn.exec:\tnhhnn.exe121⤵PID:2740
-
\??\c:\5nnthb.exec:\5nnthb.exe122⤵PID:2800
-